Network Working Group G. Schudel
Internet-Draft A. Jain
Intended status: Experimental V. Moreno
Expires: July 9, 2011 cisco Systems
January 5, 2011
LISP MIBdraft-ietf-lisp-mib-00
Abstract
This document defines managed objects for the Locator/ID Separation
Protocol (LISP). These objects provide information useful for
monitoring LISP devices, including basic configuration information,
LISP status, and operational statistics.
Status of This Memo
This Internet-Draft is submitted in full conformance with the
provisions of BCP 78 and BCP 79.
Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF). Note that other groups may also distribute
working documents as Internet-Drafts. The list of current Internet-
Drafts is at http://datatracker.ietf.org/drafts/current/.
Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress."
This Internet-Draft will expire on July 9, 2011.
Copyright Notice
Copyright (c) 2011 IETF Trust and the persons identified as the
document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents
(http://trustee.ietf.org/license-info) in effect on the date of
publication of this document. Please review these documents
carefully, as they describe your rights and restrictions with respect
to this document. Code Components extracted from this document must
include Simplified BSD License text as described in Section 4.e of
the Trust Legal Provisions and are provided without warranty as
described in the Simplified BSD License.
Schudel, et al. Expires July 9, 2011 [Page 1]

Internet-Draft LISP MIB January 20111. Requirements Notation
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
"SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
document are to be interpreted as described in [RFC2119].
2. Introduction
This draft describes the Management Information Base (MIB) module for
use with network management protocols in the Internet community.
Specifically, the MIB for managing Locator/ID Separation Protocol
(LISP) devices is described.
LISP [LISP] specifies a network-based architecture and mechanisms
that implement a new semantic for IP addressing using two separate
name spaces: Endpoint Identifiers (EIDs), used within sites, and
Routing Locators (RLOCs), used on the transit networks that make up
the Internet infrastructure. To achieve this separation, LISP
defines protocol mechanisms for mapping from EIDs to RLOCs. In
addition, LISP assumes the existence of a database to store and
globally propagate those mappings [LISP-MS] [LISP-ALT].
From a data plane perspective, LISP traffic is handled exclusively at
the network layer by devices performing Ingress Tunnel Router (ITR)
and Egress Tunnel Router (ETR) LISP functions. Data plane operations
performed by these devices are described in [LISP]. Additionally,
data plane interworking between legacy (Internet) and LISP sites is
implemented by devices performing Proxy ITR (PITR) and Proxy ETR
(PETR) functions. The data plane operations of these devices is
described in [INTERWORK].
From a control plane perspective, LISP employs mechanisms related to
creating, maintaining, and resolving mappings from EIDs to RLOCs.
LISP ITRs, ETRs, PITRs, and PETRs perform specific control plane
functions, and these control plane operations are described in
[LISP]. Additionally, LISP infrastructure devices supporting LISP
control plane functionality include Map-Servers and Map-Resolvers,
and the control plane operations of these devices are described in
[LISP-MS]. Finally, while not specifically required, this document
assumes that a LISP+ALT database mapping infrastructure exists as
part of the LISP control plane. The control plane operations of the
ALT are described in [LISP-ALT]. Note that this MIB does not provide
support for the ALT since ALT statistics may be obtained through
existing BGP and tunnel MIBs.
Schudel, et al. Expires July 9, 2011 [Page 3]

Internet-Draft LISP MIB January 20113. The Internet-Standard Management Framework
For a detailed overview of the documents that describe the current
Internet-Standard Management Framework, please refer to section 7 of
RFC 3410 [RFC3410].
Managed objects are accessed via a virtual information store, termed
the Management Information Base or MIB. MIB objects are generally
accessed through the Simple Network Management Protocol (SNMP).
Objects in the MIB are defined using the mechanisms defined in the
Structure of Management Information (SMI). This memo specifies a MIB
module that is compliant to the SMIv2, which is described in STD 58,
RFC 2578 [RFC2578], STD 58, RFC 2579 [RFC2579] and STD 58, RFC 2580
[RFC2580].
4. Definition of Terms
Routing Locator (RLOC): a 32-bit (for IPv4) or 128-bit (for IPv6)
value used in the source and destination address fields of the
second (outer-most) IP header of a LISP packet. RLOC addresses
are allocated to an egress tunnel router (ETR) and numbered from
topologically-aggregatable blocks assigned to a site at each point
to which it attaches to the global Internet.
Endpoint ID (EID): a 32-bit (for IPv4) or 128-bit (for IPv6) value
used in the source and destination address fields of the first
(inner-most) IP header of a LISP packet. A source EID is
allocated to a host from an EID-prefix block associated with the
site where the host is located. A host determines a destination
EID in the same way that it determines a destination address
today, for example through a DNS lookup or SIP exchange.
EID-to-RLOC Map-Cache: a short-lived, on-demand table maintained
locally in an ITR or PITR that stores, tracks, and is responsible
for timing-out and otherwise validating EID-to-RLOC mappings.
This table is distinct from the full "database" of EID-to-RLOC
mappings in that it is dynamic and relatively small. At a given
moment in time, it consists only of entries for those sites to
which the ITR or PITR is currently communicating or has
communicated with within the configured TTL period.
EID-to-RLOC Mapping-Database: a global distributed database that
contains all known EID-to-RLOC mappings. Each potential ETR
typically contains a small piece of the database consisting of
only the EID-to-RLOC mappings for the EID prefix(es) for which the
ETR is "authoritative" and the RLOC(s) by which those EID
prefix(es) are reachable from the global Internet.
Schudel, et al. Expires July 9, 2011 [Page 4]

Internet-Draft LISP MIB January 2011
Ingress Tunnel Router (ITR): a router that accepts an IP packet with
a single IP header (more precisely, an IP packet that does not
contain a LISP header), treats this "inner" IP destination address
as an EID and performs an EID-to-RLOC mapping lookup, and then
prepends an "outer" IP header with one of its own globally-
routable RLOCs in the source address field and the RLOC resulting
from the mapping lookup in the destination address field. That
is, in general an ITR receives an IP packet from site end-systems
on one side and sends a LISP-encapsulated IP packet toward the
Internet on the other side.
Egress Tunnel Router (ETR): a router that accepts an IP packet where
the destination address in the "outer" IP header is one of its own
RLOCs, strips the "outer" header, and forwards the packet based on
the next IP header found. That is, in general an ETR receives
LISP-encapsulated IP packets from the Internet on one side and
sends decapsulated IP packets toward site end-systems on the other
side.
xTR: is a general reference to an ITR or ETR when direction of data
flow is not part of the context description. xTR refers to the
router that is the tunnel endpoint and performs both ITR and ETR
functionality. For example, "An xTR can be located at the
Customer Edge (CE) router", meaning both ITR and ETR functionality
is activated at the CE router.
Proxy ITR (PITR): a router that acts like an ITR but does so on
behalf of non-LISP sites which send packets to destinations at
LISP sites. The PITR, also known as a PTR, is defined and
described in [INTERWORK].
Proxy ETR (PETR): a router that acts like an ETR but does so on
behalf of LISP sites which send packets to destinations at non-
LISP sites. The PETR is defined and described in [INTERWORK].
LISP Site: is a set of routers in an edge network that are under a
single technical administration. LISP routers which reside in the
edge network are the demarcation points to separate the edge
network from the core network.
Map-Server: a LISP network infrastructure component which learns
EID-to-RLOC mapping entries from an authoritative source such as
an ETR though static configuration, or another out-of-band
mechanism. A Map-Server advertises these mappings into the
distributed mapping database such as that described in [LISP-ALT].
Schudel, et al. Expires July 9, 2011 [Page 5]

Internet-Draft LISP MIB January 2011
Map-Resolver: a LISP network infrastructure component which accepts
LISP Encapsulated Map-Requests, typically from an ITR, and quickly
determines whether or not the destination IP address is part of
the EID namespace. If it is, the Map-Resolver finds the
appropriate EID-to-RLOC mapping by consulting the distributed
mapping database system such as that described in [LISP-ALT]. If
it is not, a Negative Map-Reply is immediately returned.
Map-Reply: a LISP Map-Reply message type returned in response to a
Map-Request for a destination EID that exists in the mapping
database and contains the locator-set and associated policy for
the queried EID. Information returned in a Map-Reply is stored in
the EID-to-RLOC Map-Cache.
Negative Map-Reply: a LISP Map-Reply message type that contains an
empty locator-set. Returned in response to a Map-Request if the
destination EID does not exist in the mapping database.
Typically, this means that the "EID" being requested is an IP
address connected to a non-LISP site. Information returned in a
Negative Map-Reply is stored in the EID-to-RLOC Map-Cache.
LISP+ALT: a static network built using Border Gateway Protocol (BGP,
[RFC4271]), BGP multi-protocol extension [RFC4760], and Generic
Routing Encapsulation (GRE, [RFC2784]) to construct an overlay
network of devices (ALT Routers) which operate on EID-prefixes and
use EIDs as forwarding destinations. This LISP+ALT network may,
but is not required to be, used by LISP to find EID-to-RLOC
mappings. LISP+ALT is described in [LISP-ALT].
5. LISP MIB Objectives
The objectives for defining this LISP MIB module are as follows:
o Provide a means for obtaining a list of enabled LISP features and
the current status of configuration attributes related to those
features. As an example, LISP capabilities which could be enabled
include ITR, ETR, PITR, PETR, MS or MR support for IPv4 or IPv6
address families. Other examples include, indicating whether
rloc-probing is enabled, and indicating the configured map-cache
limit value.
o Provide a means for obtaining the current attributes of various
LISP tables, such as the EID-to-RLOC policy data contained in the
Map-Cache, or the local EID-to-RLOC policy data contained in the
Mapping-Database.
o Provide a means for obtaining the current operational statistics
of various LISP functions, such as the number of packets
Schudel, et al. Expires July 9, 2011 [Page 6]

Internet-Draft LISP MIB January 2011
encapsulated and decapsulated by the device. Other counters of
operational interest, depending on LISP function, include things
like the current number of map-cache entries, and the total number
and rate of map-requests received and sent.
6. Structure of LISP MIB Module6.1. Overview of Defined Notifications
No LISP MIB notifications are defined.
6.2. Overview of Defined Tables
The LISP MIB module is composed of ten tables of objects, as follows:
Lisp - This table provides information representing the various lisp
features that can be enabled on LISP devices.
LispMappingDatabase - This table represents the EID-to-RLOC database
that contains the EID-prefix to RLOC mappings configured on an
ETR. In general, this table would be representative of all such
mappings for a given site that this device belongs to.
LispMappingDatabaseLocator - This table represents the set of
routing locators contained in the EID-to-RLOC database configured
on an ETR.
LispMapCache - This table represents the short-lived, on-demand
table on an ITR that stores, tracks, and is responsible for
timing-out and otherwise validating EID-to-RLOC mappings.
LispMapCacheLocator - This table represents the set of locators per
EID prefix contained in the map-cache table of an ITR.
LispSite - This table provides the properties of each lisp site that
is served by this device when configured to be a Map-Server.
LispSiteLocator - This table provides the properties of all locators
per lisp site that is served by this device when configured to be
a Map-Server.
LispMapServers - This table provides the properties of all Map-
Servers that this device is configured to use.
LispMapResolvers - This table provides the properties of all Map-
Resolvers that this device is configured to use.
Schudel, et al. Expires July 9, 2011 [Page 7]

Internet-Draft LISP MIB January 2011
the following four tuples:
1. IANA Address Family Numbers: This tuple follows
the AddressFamilyNumbers textual-convention
described in [IANA]. The enumerations are listed
in [IANA]. Note that the list of address family
numbers is maintained by IANA.
2. Length of LISP address: This tuple is an INTEGER
to give the octet length of the next tuple.
3. Lisp address: A lisp address can be an address
belonging to any of the IANA Address Families.
Particularly, when the address family is Lisp
Canonical Address Format (LCAF) [LCAF] with IANA
assigned Address Family Number 16387, then
the first octet of this tuple indicates the LCAF
type, and the rest of this tuple is same as the
encoding format of the LISP Canonical Address
after the length field, as defined in [LCAF].
4. Mask-length of lisp address."
REFERENCE "[LISP]"
SYNTAX OCTET STRING (SIZE (0..1024))
lispTable OBJECT-TYPE
SYNTAX SEQUENCE OF lispEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"This table represents the various lisp features
that can be enabled on lisp devices."
REFERENCE "[LISP]"
::= { lisp 1 }
lispEntry OBJECT-TYPE
SYNTAX lispEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"An entry (conceptual row) in the lispTable."
INDEX { lispAfi }
::= { lispTable 1 }
lispEntry ::= SEQUENCE {
lispAddressFamily AddressFamilyNumbers,
lispItrEnabled TruthValue,
lispEtrEnabled TruthValue,
lispProxyItrEnabled TruthValue,
lispProxyEtrEnabled TruthValue,
Schudel, et al. Expires July 9, 2011 [Page 9]

Internet-Draft LISP MIB January 2011
SYNTAX Counter64
MAX-ACCESS accessible
STATUS current
DESCRIPTION
"Total number of map requests sent by this device
for any EID prefix of the given address family."
::= { lispEntry 15 }
lispMapRepliesIn OBJECT-TYPE
SYNTAX Counter64
MAX-ACCESS accessible
STATUS current
DESCRIPTION
"Total number of map replies received by this device
for any EID prefix of the given address family."
::= { lispEntry 16 }
lispMapRepliesOut OBJECT-TYPE
SYNTAX Counter64
MAX-ACCESS accessible
STATUS current
DESCRIPTION
"Total number of map replies sent by this device for
any EID prefix of the given address family."
::= { lispEntry 17 }
lispMapRegistersIn OBJECT-TYPE
SYNTAX Counter64
MAX-ACCESS accessible
STATUS current
DESCRIPTION
"Total number of map registers received by this device
for any EID prefix of the given address family."
::= { lispEntry 18 }
lispMapRegistersOut OBJECT-TYPE
SYNTAX Counter64
MAX-ACCESS accessible
STATUS current
DESCRIPTION
"Total number of map registers sent by this device
for any EID prefix of the given address family."
::= { lispEntry 19 }
lispMappingDatabaseTable OBJECT-TYPE
SYNTAX SEQUENCE OF lispMappingDatabaseEntry
MAX-ACCESS not-accessible
Schudel, et al. Expires July 9, 2011 [Page 13]

Internet-Draft LISP MIB January 2011
DESCRIPTION
"The number of octets of Lisp packets that were
addressed to this RLOC of the EID-prefix and
were decapsulated."
::= { lispMappingDatabaseLocatorEntry 11 }
lispMappingDatabaseLocatorRlocDecapPackets OBJECT-TYPE
SYNTAX Counter64
MAX-ACCESS accessible
STATUS current
DESCRIPTION
"The number of Lisp packets that were addressed to
this RLOC of the EID-prefix and were decapsulated."
::= { lispMappingDatabaseLocatorEntry 12 }
lispMappingDatabaseLocatorRlocEncapOctets OBJECT-TYPE
SYNTAX Counter64
MAX-ACCESS accessible
STATUS current
DESCRIPTION
"The number of octets of Lisp packets that were
encapsulated by this device using this RLOC
address as the source, and that were sourced by
an address of this EID-prefix."
::= { lispMappingDatabaseLocatorEntry 13 }
lispMappingDatabaseLocatorRlocEncapPackets OBJECT-TYPE
SYNTAX Counter64
MAX-ACCESS accessible
STATUS current
DESCRIPTION
"The number of Lisp packets that were encapsulated
by this device using this RLOC address as the
source, and that were sourced by an address of
this EID-prefix."
::= { lispMappingDatabaseLocatorEntry 14 }
lispMapCacheTable OBJECT-TYPE
SYNTAX SEQUENCE OF lispMapCacheEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"This table represents the short-lived, on-demand
table on an ITR that stores, tracks, and is
responsible for timing-out and otherwise
validating EID-to-RLOC mappings."
REFERENCE "[LISP]"
Schudel, et al. Expires July 9, 2011 [Page 19]

Internet-Draft LISP MIB January 2011
"The up time of the EID prefix."
::= { lispMapCacheEntry 3 }
lispMapCacheEidExpiryTime OBJECT-TYPE
SYNTAX TimeTicks
MAX-ACCESS accessible
STATUS current
DESCRIPTION
"The time remaining on the EID prefix before
the ITR times-out the prefix."
::= { lispMapCacheEntry 4 }
lispMapCacheEidState OBJECT-TYPE
SYNTAX INTEGER
MAX-ACCESS accessible
STATUS current
DESCRIPTION
"This object is used to indicate the activty
of this EID prefix. A value of 0 implies the
EID prefix is idle. A value of 1 implies the
EID prefix is active.
::= { lispMapCacheEntry 5 }
lispMapCacheEidAuthoritative OBJECT-TYPE
SYNTAX TruthValue
MAX-ACCESS accessible
STATUS current
DESCRIPTION
"This object is used to indicate whether the
EID prefix was installed by an authoritative
map-reply. A value of 0 implies the EID prefix
was installed by an authoritative map-reply,
and a value of 1, otherwise."
::= { lispMapCacheEntry 6 }
lispMapCacheDecapOctets OBJECT-TYPE
SYNTAX Counter64
MAX-ACCESS accessible
STATUS current
DESCRIPTION
"The number of octets of Lisp packets that were
decapsulated by this device and were sourced
from a remote host within this EID-prefix."
::= { lispMapCacheEntry 7 }
lispMapCacheDecapPackets OBJECT-TYPE
SYNTAX Counter64
MAX-ACCESS accessible
Schudel, et al. Expires July 9, 2011 [Page 21]

Internet-Draft LISP MIB January 2011
STATUS current
DESCRIPTION
"The number of Lisp packets that were
decapsulated by this device and were sourced
from a remote host within this EID-prefix."
::= { lispMapCacheEntry 8 }
lispMapCacheEncapOctets OBJECT-TYPE
SYNTAX Counter64
MAX-ACCESS accessible
STATUS current
DESCRIPTION
"The number of octets of Lisp packets that were
encapsulated by this device using the given
EID-prefix in the map cache."
::= { lispMapCacheEntry 9 }
lispMapCacheEncapPackets OBJECT-TYPE
SYNTAX Counter64
MAX-ACCESS accessible
STATUS current
DESCRIPTION
"The number of Lisp packets that were encapsulated
by this device using the given EID-prefix in the
map cache."
::= { lispMapCacheEntry 10 }
lispMapCacheLocatorTable OBJECT-TYPE
SYNTAX SEQUENCE OF lispMapCacheLocatorEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"This table represents the set of locators per
EID prefix contained in the map-cache table of
an ITR."
REFERENCE "[LISP]"
::= { lisp 5 }
lispMapCacheLocatorEntry OBJECT-TYPE
SYNTAX lispMapCacheLocatorEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"An entry (conceptual row) in the lispMapCacheLocatorTable."
INDEX { lispMapCacheLocatorEidLength
lispMapCacheLocatorEid
lispMapCacheLocatorRlocLength
Schudel, et al. Expires July 9, 2011 [Page 22]

Internet-Draft LISP MIB January 2011
DESCRIPTION
"The state of this RLOC as per this device.
0 is for up, 1 is for down ..."
::= { lispMapCacheLocatorEntry 9 }
lispMapCacheLocatorRlocUpTime OBJECT-TYPE
SYNTAX TimeTicks
MAX-ACCESS accessible
STATUS current
DESCRIPTION
"The up-time of this RLOC."
::= { lispMapCacheLocatorEntry 10 }
lispMapCacheLocatorRlocLastPriorityChange OBJECT-TYPE
SYNTAX TimeTicks
MAX-ACCESS accessible
STATUS current
DESCRIPTION
"Time since the last change of the unicast
priority of the RLOC for this EID prefix."
::= { lispMapCacheLocatorEntry 11 }
lispMapCacheLocatorRlocLastWeightChange OBJECT-TYPE
SYNTAX TimeTicks
MAX-ACCESS accessible
STATUS current
DESCRIPTION
"Time since the last change of the unicast weight
of the RLOC for this EID prefix."
::= { lispMapCacheLocatorEntry 12 }
lispMapCacheLocatorRlocLastMPriorityChange OBJECT-TYPE
SYNTAX TimeTicks
MAX-ACCESS accessible
STATUS current
DESCRIPTION
"Time since the last change of the multicast
priority of the RLOC for this EID prefix."
::= { lispMapCacheLocatorEntry 13 }
lispMapCacheLocatorRlocLastMWeightChange OBJECT-TYPE
SYNTAX TimeTicks
MAX-ACCESS accessible
STATUS current
DESCRIPTION
"Time since the last change of the multicast
weight of the RLOC for this EID prefix."
::= { lispMapCacheLocatorEntry 14 }
Schudel, et al. Expires July 9, 2011 [Page 25]

Internet-Draft LISP MIB January 2011
lispMapCacheLocatorRlocLastStateChange OBJECT-TYPE
SYNTAX TimeTicks
MAX-ACCESS accessible
STATUS current
DESCRIPTION
"Time since the last change of the up/down
state of the RLOC for this EID prefix."
::= { lispMapCacheLocatorEntry 15 }
lispMapCacheLocatorRlocRtt OBJECT-TYPE
SYNTAX TimeTicks
MAX-ACCESS accessible
STATUS current
DESCRIPTION
"Round trip time of RLOC probe and map-reply
for this RLOC address for this prefix."
::= { lispMapCacheLocatorEntry 16 }
lispMapCacheLocatorRlocDecapOctets OBJECT-TYPE
SYNTAX Counter64
MAX-ACCESS accessible
STATUS current
DESCRIPTION
"The number of octets of Lisp packets that were
decapsulated by this device and were sourced
from a remote host within this EID-prefix and
were encapsulated for this RLOC."
::= { lispMapCacheLocatorEntry 17 }
lispMapCacheLocatorRlocDecapPackets OBJECT-TYPE
SYNTAX Counter64
MAX-ACCESS accessible
STATUS current
DESCRIPTION
"The number of octets of Lisp packets that were
decapsulated by this device and were sourced
from a remote host within this EID-prefix and
were encapsulated for this RLOC."
::= { lispMapCacheLocatorEntry 18 }
lispMapCacheLocatorRlocEncapOctets OBJECT-TYPE
SYNTAX Counter64
MAX-ACCESS accessible
STATUS current
DESCRIPTION
"The number of octets of Lisp packets that matched
this EID-prefix and were encapsulated using this
RLOC address."
Schudel, et al. Expires July 9, 2011 [Page 26]

Internet-Draft LISP MIB January 2011
STATUS current
DESCRIPTION
"This object is used to get the length of
lispSiteEidRegisterSender, the next object."
::= { lispSiteEntry 6 }
lispSiteEidRegisterSender OBJECT-TYPE
SYNTAX LispAddressType
MAX-ACCESS accessible
STATUS current
DESCRIPTION
"Source address of the last valid register message for
the given EID prefix that was received by this device."
::= { lispSiteEntry 7 }
lispSiteEidRouteTag OBJECT-TYPE
SYNTAX Unsigned32
MAX-ACCESS accessible
STATUS current
DESCRIPTION
"Value of the routing table tag that contains the
given EID prefix."
::= { lispSiteEntry 8 }
lispSiteEidAuthenticationErrors OBJECT-TYPE
SYNTAX Counter64
MAX-ACCESS accessible
STATUS current
DESCRIPTION
"Count of total authentication errors of map-registers
received for the given EID prefix."
::= { lispSiteEntry 9 }
lispSiteEidRegisterRlocsMismatch OBJECT-TYPE
SYNTAX Counter64
MAX-ACCESS accessible
STATUS current
DESCRIPTION
"Count of total map-registers received that had at
least one RLOC that was not in the allowed list of
RLOCs for the given EID prefix."
::= { lispSiteEntry 10 }
lispSiteLocatorTable OBJECT-TYPE
SYNTAX SEQUENCE OF lispSiteLocatorEntry
MAX-ACCESS not-accessible
STATUS current
Schudel, et al. Expires July 9, 2011 [Page 29]

Internet-Draft LISP MIB January 2011
"State of this Proxy ETR configured on this device.
Value 0 implies that this Proxy ETR is down, and a
value of 1 implies that this Proxy ETR is up."
::= { lispUseProxyEtrEntry 3 }
8. Relationship to Other MIB Modules8.1. MIB modules required for IMPORTS
The LISP MIB imports the textual-convention AddressFamilyNumbers from
the IANA-ADDRESS-FAMILY-NUMBERS-MIB [IANA].
9. Security Considerations
There are no management objects defined in this MIB module that have
a MAX-ACCESS clause of read-write and/or read-create. As long as
these MIB modules are implemented correctly, there are no risks that
any management objects of this MIB module can modify device settings
via direct SNMP SET operations.
There are no readable objects in this MIB module (i.e., objects with
a MAX-ACCESS other than not-accessible) that are considered
sensitive.
SNMP versions prior to SNMPv3 did not include adequate security.
Even if the network itself is secure (for example by using IPsec),
there is no control as to who on the secure network is allowed to
access and GET/SET (read/change/create/delete) the objects in this
MIB module.
It is RECOMMENDED that implementers consider the security features as
provided by the SNMPv3 framework (see [RFC3410], section 8),
including full support for the SNMPv3 cryptographic mechanisms (for
authentication and privacy).
Further, deployment of SNMP versions prior to SNMPv3 is NOT
RECOMMENDED. Instead, it is RECOMMENDED to deploy SNMPv3 and to
enable cryptographic security. It is then a customer/operator
responsibility to ensure that the SNMP entity giving access to an
instance of these MIB modules is properly configured to give access
to the objects only to those principals (users) that have legitimate
rights to indeed GET or SET (change/create/delete) them.
10. IANA Considerations
LISP is an experimental protocol and the LISP MIB is an experimental
MIB. No IANA actions are required by this document.
Schudel, et al. Expires July 9, 2011 [Page 37]